Method and apparatus of processing invalid user input search information

ABSTRACT

A method and apparatus of processing a user initiated request for information is disclosed. The method may provide receiving a user initiated request including a uniform resource locator (URL) submitted to a web browser application and receiving a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage. The method may also include blocking a subsequent attempt to transmit the user initiated request as a browser modified search request that includes modifications to the user initiated request.

TECHNICAL FIELD OF THE INVENTION

This invention relates to a method and apparatus of processing userinput information, such as website addresses, and, more particularly, tointerpreting and resolving the errors generated by invalid web addressand web search entries submitted to a web browser application's addressbar.

BACKGROUND OF THE INVENTION

Consumers seeking access to information often rely on the Internet as aquick and easy source of information. In recent years, the speed andaccuracy of a web search or web address submission to a web browser hasbecome increasingly simple for the end user to execute. In fact, webbrowsers and corresponding web search engines often have backend toolsand applications that correct user input search information seamlesslywith or without the user's approval.

The corrective actions performed by the browser application and/or thesearch engine may provide an easy alternative to requiring the user tore-enter a web address or any portion of a search string set of terms orphrases. However, the corrective measures taken by the web browser, thesearch engine and/or the Internet service provider (ISP) are oftenbiased and do not always provide the end user with the most relevantinformation pertaining to the user's requested search criteria. Forexample, the user may be searching for a particular subject and mayenter the subjective content as a word or phrase into a search engine,or may enter the content into the web address portion of the web browserwithout knowing an exact web address corresponding to the desiredcontent. As a result, the search criteria may be return an invalidresult since it did not positively identify a known web address.

The invalid entry of website information or related web searchinformation in the browser's address bar may pose an opportunity for theISP, the search engine and/or the browser to transfer the request to alanding page or sponsored website link page, which may or may not berelated to the search criteria entered by the user. The reason forinvoking the redirect of the search criteria is a monetary opportunityfor the ISP, the browser company and/or the search engine to capitalizeon the user's inability to locate the correct destination website. Theemerging business of redirecting website requests to sponsored landingpages is a multi-million dollar business that generates profits fromredirecting the user's searches or invalid website entries to web pagesthat are often undesirable to the user and/or unrelated to the user'ssearch criteria.

SUMMARY OF THE INVENTION

One embodiment of the present invention may include a method ofprocessing a user initiated request for information. The method mayinclude receiving a user initiated request including a uniform resourcelocator (URL) submitted to a web browser application. The method mayalso include receiving a response that the URL is an invalid URL thatcannot be resolved to a corresponding webpage, and blocking a subsequentattempt to transmit the user initiated request as a browser modifiedsearch request that includes modifications to the user initiatedrequest.

Another example embodiment of the present invention may include anapparatus configured to process a user initiated request forinformation. The apparatus may include a receiver configured to receivea user initiated request including a uniform resource locator (URL)submitted to a web browser application and receive a response that theURL is an invalid URL that cannot be resolved to a correspondingwebpage. The apparatus may also include a processor configured to blocka subsequent attempt to transmit the user initiated request as a browsermodified search request that includes modifications to the userinitiated request.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example user initiated web page search accordingto example embodiments of the present invention

FIG. 2 illustrates an example network configuration according to exampleembodiments of the present invention.

FIG. 3 illustrates a network entity that may include memory, softwarecode and other computer processing hardware, and which may be configuredto perform operations according to example embodiments of the presentinvention.

FIG. 4 illustrates a flow diagram of an example method of operationaccording to example embodiments of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

It will be readily understood that the components of the presentinvention, as generally described and illustrated in the figures herein,may be arranged and designed in a wide variety of differentconfigurations. Thus, the following detailed description of theembodiments of a method, apparatus, and system, as represented in theattached figures, is not intended to limit the scope of the invention asclaimed, but is merely representative of selected embodiments of theinvention.

The features, structures, or characteristics of the invention describedthroughout this specification may be combined in any suitable manner inone or more embodiments. For example, the usage of the phrases “exampleembodiments”, “some embodiments”, or other similar language, throughoutthis specification refers to the fact that a particular feature,structure, or characteristic described in connection with the embodimentmay be included in at least one embodiment of the present invention.Thus, appearances of the phrases “example embodiments”, “in someembodiments”, “in other embodiments”, or other similar language,throughout this specification do not necessarily all refer to the samegroup of embodiments, and the described features, structures, orcharacteristics may be combined in any suitable manner in one or moreembodiments.

In addition, while the term “message” has been used in the descriptionof embodiments of the present invention, the invention may be applied tomany types of network data, such as packet, frame, datagram, etc. Forpurposes of this invention, the term “message” also includes packet,frame, datagram, and any equivalents thereof. Furthermore, while certaintypes of messages and signaling are depicted in exemplary embodiments ofthe invention, the invention is not limited to a certain type ofmessage, and the invention is not limited to a certain type ofsignaling.

Certain vendors' products are intended to capture a web browser'sconnection to the Internet when the browser attempts to browse for whatappears to be a well-formatted webpage and corresponding uniformresource locator (URL). However, the result of an invalid web addresssubmitted as a website retrieval request may obtain a “NXDOMAIN” typeHTTP response from the domain name server (DNS). This type of responsemay, in turn, yield a visual error result for the user (i.e., ERROR—thedomain does not exist).

A number of consumer Internet service providers (ISPs) such asCablevision's Optimum Online, Comcast, Time Warner, Cox Communications,RCN, Rogers, Charter Communications, Verizon, Virgin Media, FrontierCommunications, Bell Sympatico, UPC, T-Online, Optus, Mediacom,ONO_(Spain), and Bigpond (Telstra) may implement domain name server(DNS) hijacking for their own purposes, such as displayingadvertisements or collecting statistics. This practice may violate theRFC standard for DNS (NXDOMAIN) responses, and can potentially openusers to cross-site scripting attacks.

Redirecting website or Internet search requests can be less intrusiveallowing a DNS server, provided by a service, such as OpenDNS tointercept and block known sites known to be malicious or known to havecontent which the user wishes to block, etc. The provider of the DNSserver may charge a fee for this service, or also promoteadvertisements, collect statistics, etc. DNS hijacking is commonlyimplemented around hijacking a NXDOMAIN response. Internet and intranetapplications rely on the NXDOMAIN response to describe the conditionwhere the DNS has no entry (match) for the specified host. A NXDOMAINresponse informs the application that the name is invalid and usuallyinforms the user that an error has occurred. However, if the domain nameis queried on non-compliant ISPs, the end user would always receive afake IP address belonging to the ISP.

When browsing within a web browser, this forceful redirecting of theuser's inquiry can be annoying or offensive as connections to this IPaddress display the ISP redirect page of the provider, sometimes withadvertising, instead of a proper error message. However, otherapplications that rely on the NXDOMAIN error will instead attempt toinitiate connections to this spoofed IP address, potentially exposingsensitive information. It is the nature of the implementation of TCP/IPto issue a DNS request that is independent of any information that couldbe used to determine the activity or program in the device that issuedthe request. Consequently, many other connection-oriented activities,such as virtual private network (VPNs), are disrupted and often renderedbroken by these types of communications.

One example method of operation may include detecting abrowser-automatic-redirection of a user initiated search attempt fromthe browser's address bar. When the search is input into the browseraddress bar directly, the URL must be in a standard format or else anerror is almost inevitably received. These browser-automatic-redirectionof a user initiated search attempts are generally not from regularsearches entered into the search engine pages, such as provided on thehome page of Google, Bing, or Yahoo.

Another example embodiment may include only observe the upstream HTTPtraffic, detect the occurrence of the above-noted activity, and causethe user's browser to be redirected to an ISP-designated landing pagewith the original search term accompanying the redirection to providerelevant search results along with other information.

FIG. 1 illustrates an example web browser according to exampleembodiments. Referring to FIG. 1, the address bar 112 of a web browser110 is being used to initiate a search for a user inputted message of“Mary Had a Little Lamb.” Clearly, such a long phrase is not likely tobe recognized by the search engine or corresponding DNS server as apre-stored web address. Some web browsers will recognize this input as afalse URL, and will respond with an error message 114 indicating thatthe DNS server has found the web address to be invalid. Other webbrowsers operating in default configuration (e.g., Internet Explorer®)will take the input “Mary had a little Lamb” and submit it to a searchengine, such as BINGO or Google®. The result may be a page ofsuggestions and related advertisements, which are motivated by apre-existing business agreement. If the user observes and clicks on anyof the sponsored links related to the landing page, one or more entitieswill profit from the user's selection of the sponsored link.

Some vendors have a filter enabled before the DNS server that resolvesthe inputted web address information. In this case, the generated“NXDOMAIN” message will be discovered in the overhead search data andthe user's query will be automatically redirected to a bogus URL thatgoes to a monetizing landing page. Landing pages are usually almostentirely unrelated to the search criteria and may produce bogus resultswhich the end user will find unsatisfactory as a response to an attemptto find a relevant website.

Example embodiments of the present invention include examining a URLthat has been modified by a browser to be forwarded to a specific searchengine and/or in response to encountering an anomaly responsive toobtaining the IP address of the URL domain. In general, the modified URLmay be filtered since it has certain characteristics that arerecognizable.

According to one example, if search engine specific searches arecaptured at the ISP and sent to a bogus landing page, customers maycomplain and the search engine companies may also complain. Examples ofcertain web browsers may include, Internet Explorer versions (i.e., IE6,IE7, IE8), Firefox versions, Chrome versions, different default engines,etc. Browser modified searches, are performed automatically undercertain error conditions. These modified searches are the types ofsearches that take the user input information, intercept the NXDOMAINerror message and modify the original error information to redirect thesearch to comply with the corresponding search engine instead ofreturning an error message. In each of these browser modified searchexamples, there are no REFERER HTTP parameters in the overhead data ofthe search information. The browsers do not have a procedure fordiscovering when a user initiated input string entered into the addressbar is not a well-formed domain, and as a result the browser does notattempt to resolve the invalid DNS address. In this example, a NXDOMAINHTTP response message will not be presented before submitting the stringin the address bar to a default landing page, which can also be utilizedby a search engine to produce some customized landing page searchresults and monetized advertising.

When visiting a webpage, the referrer or referring page may be the URLof the previous webpage from which a link was followed. A referrer isthe URL of a previous item which led to a subsequent webpage or searchrequest. The referrer for an image, for example, is generally the HTMLpage on which it is to be displayed. The referrer field (intentionallymisspelled as REFERER) is an optional part of the HTTP request sent bythe web browser to the web server.

A REFERER refers to the webpage that initiated the search and the word,REFERER, is submitted to the search engine as part of the normallyhidden header block of a user initiated search, which includes the useragent fingerprint we used. However, a browser modified search of anon-recognizable URL does not include a REFER parameter when the browsermodifies an automated search. The browser modified search modifies theoriginal user input search or query for a particular URL. In general,any user initiated search or webpage request that is initially submittedto a web browser will almost always generate a REFER parameter when thedomain name of the URL cannot be resolved.

According to example embodiments, a filter is configured to filter thewebsite request data. The filter may be a packet filter that is used toexamine received packet information for certain HTTP requestinformation. The information in the website request data is examined forthe existence of a REFERER message. If the REFERER message is present,then that particular request is left alone. This ensures that the searchengines and ISPs are not violating the RFC committee rules or creatingproblems for the Internet search engines. However, if the message is aweb browser modified search that does not include the REFERER parameterthen that particular query is blocked so that the efforts of the browserto redirect the invalid search results to a landing page or other thirdparty information source is stopped. In other words, the searchfiltering application according to example embodiments will allow thepassing of the questionable URLs or initially invalid URLs entered bythe user (e.g., those that could have been intentionally entered tosearch for something specific). Those search initiated URLs that areallowed to pass from the ISP to the Internet and subsequent searchengines, etc., include the REFERER parameter as part of the HTTP request(e.g., in the header).

Implementing a check for a REFERER parameter in a browser request headerprovides one example way to distinguish original user initiated queriesfrom browser modified queries. Two common instances when an Internetuser with a web browser performs a search for a term may be when typingthe search into a Google, Yahoo or Bing search box or home page, or intoa separate search box on some other search-enabled webpage that isprovided for the convenience of the visitor to perform a search directlyfrom that webpage (e.g., a small search box on an otherwise establishedwebpage CNN, MSN, etc.).

FIG. 2 illustrates an Internet search network configuration according toexample embodiments. Referring to FIG. 2, the end user 200 may type asearch into the address bar of the web browser 110 (as illustrated inFIG. 1), which is where a URL inquiry normally is placed. The search issent from the user's personal computer/workstation 202, or may insteadbe sent from a comparable mobile computing device, such as a tabletcomputing device, smartphone, PDA, etc. If the domain name URL does notexist according to the local DNS server 212, then an NXDOMAIN HTTPresponse may be received at the ISP 210 over the Internet and forwardedto the end user 200. The NXDOMAIN HTTP response may be a response fromthe DNS server 212 that it cannot resolve the request. When thisresponse is received, the ISP 210 resubmits (redirects) the request tothe default-configured search provider, which may be configured in theweb browser. For example, for current versions of Internet Explorer thedefault search provider is BING, and for Firefox, it's Google. The webbrowser may recognize invalid or impossible domain names and may proceedto skip the lookup procedure and instead send the request directly toBING or a user-selected default provider.

Most ISPs now use products that sit in front of the DNS server andcapture the DNS responses, and when they respond with an NXDOMAIN, thoseproducts instead return the IP address of a search landing page withadvertisements that are sponsored by third party affiliates. Thisscenario provides ISPs with about a buck per year for each subscriber asadded revenue. However, all such ISPs are required to accommodate usersfor with the replacement of the NXDOMAIN message by redirecting them toa fake landing page address which causes disruption. Such a defaultredirection of the users' search requests are generally regarded asunsatisfactory to the users.

Fewer user mistakes are reported back to the user as more browsersresponse responds with predetermined links from an invalid webpage, thebrowser history and/or the favorites bar, etc. Users are increasinglyimplementing the address bar as a tool from which to initiate a search.The newer search related applications are redirecting all invalid webaddress requests to a search provider, which directs them to a facilitythat examines the search request and tries to determine if it came froman automatically generated search related to the address bar of the webbrowser. Alternatively, the search may have been originated from asearch engine home page, (Google). If the search is examined and thedata reveals that it is an automatic search from the address bar, theuser may be redirected to the ISP's monetizing landing page.

According to example embodiments, the URL request is examined closelyvia a filter to examine the URL request directly without redirecting theuser's request to a third party landing page and without having to lookat the DNS traffic. The patterns for requests automatically generated bythe web browser usually appear differently from those that come fromother intentional search boxes or home pages.

According to one example, the terms CHEAP and PATENT were entered as twoseparated words into an address bar of a web browser. The search enginerecognized that the URL was not formatted correctly and was not awell-formed URL. As a result, the search was automatically sent to asearch engine that was configured as the default-configured searchprovider.

The dialog from the web browser was analyzed by a protocol analyzer, andthe result is included below.

GET/ search?source=ig&hl=en&rlz=&q=cheap+patent&btnG=Google+Search&aq=f&aqi=g-v1g-b1&aql=&oq= HTTP/1.1 Host: www.google.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101Firefox/4.0.1 Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/;q=0.8Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflateAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115Connection: keep-alive Referer: http://www.google.com/ig?hl=en Cookie:PREF=ID=162ec2c30fca3a3d:U=415e2783207dd2be:TM=1308507183:LM=1308507183:S=7PJ9YHYENVdLxphJ;NID=48=ILnd9NzontdZdikvop08LIjb26Kh3Xski60vfQIAMonJOChYyvxjbgTm7ZMOI3NCUv953lRjlCnFXrpUdTkRlMAlX2u1T2duafB6Uk3RnYuWqZ2BVnB-eW3gLHQVhaqH; SID=DQAAALoAAAB9LcIuT--sMdWjkoggdHkze-6wwOl3pWkZ7qyowyVraiEKXGM37baZeHsenv05RWgoQTLQWoDLm4pGAwDjRnVNCEGvo5XeKH14yC4vgS8rdDXtVIq4ag20eRlWB9CF0BxLQUaRW4QyUHvXHHW6mkdGYjZB3-aLmJzkhnBgOzPgyCx52DyXkKS2-YavomA0gCSjWG5gqS1izB3HuK-pxjBWo1jqFjzKGQuE_2px-ZgOmoC8782mEfpnybrkrwWLbEo; HSID=AAMxYgzQTmoflsnK7.

The first line is the GET (after the first forward slash) with thevarious data included with CHEAP and PATENT in the GET and the host willsend it to the second line of a search engine. Identifying the uniqueaddress bar-generated pattern of information and the ability to extractthe search words (in this example right after “&q=”) that makes thissearch intercepting application operate correctly.

Below is an example of an Internet Explorer address bar entry that wouldbe sent to Google, but identified by this application. As may beobserved about ⅔ of the way down captured data, a reference to “Referer:http://www.google.com/ig?hl=en” indicates that the webpage that was usedto enter the search for CHEAP and PATENT. In this example, the searchengine was Google's homepage. Given the data provided above, this couldnot have been an address bar search query since REFERER was part of thedialog.

If the search request initiates directly from the browser's address bar,the web browsers do not send a REFERER. In this example, certainliberties may be taken since the REFERER parameter is not present. Sinceit is known that any of the home page searches or any of the GOGGLEsearch boxes included on third party webpages, for example, always haveREFERER in the dialog. An automatic search from the address bar does notinclude any REFERER parameter. Capturing more address bar searches whichhave been modified by the web browser and do not have a REFERERparameter can limit the amount of landing page redirects and otherbrowser modified activity that end user may find unsatisfactory.

If the REFERER parameter is not present in the intercepted/filteredsearch initiated data and it matches a predetermined pattern stored inthe application itself for the more common web browsers (e.g., IE6, IE7,IE8, IE9, XP, Vista, WIN7, Firefox versions, Chrome versions, etc.)

Some web browser versions, for example, do not discriminate between thein-browser search box and the browser search address bar. In thosebrowser versions, it may be desired to avoid a redirection since theuser is intentionally using a specially marked search box provided bythe website. As a result, the issued HTTP request can be examined bytrial and error to determine which browser-initiated automatic searchesperformed from the address bar are distinct in address bar only userinitiated searches.

The operations of a method or algorithm described in connection with theembodiments disclosed herein may be embodied directly in hardware, in acomputer program executed by a processor, or in a combination of thetwo. A computer program may be embodied on a computer readable medium,such as a storage medium. For example, a computer program may reside inrandom access memory (“RAM”), flash memory, read-only memory (“ROM”),erasable programmable read-only memory (“EPROM”), electrically erasableprogrammable read-only memory (“EEPROM”), registers, hard disk, aremovable disk, a compact disk read-only memory (“CD-ROM”), or any otherform of storage medium known in the art.

An exemplary storage medium may be coupled to the processor such thatthe processor may read information from, and write information to, thestorage medium. In the alternative, the storage medium may be integralto the processor. The processor and the storage medium may reside in anapplication specific integrated circuit (“ASIC”). In the alternative,the processor and the storage medium may reside as discrete components.For example, FIG. 3 illustrates an example network element 300, whichmay represent any of the above-described network components of FIG. 2.

As illustrated in FIG. 3, a memory 310 and a processor 320 may bediscrete components of the network entity 300 that are used to executean application or set of operations. The application may be coded insoftware in a computer language understood by the processor 320, andstored in a non-transitory computer readable medium, such as, the memory310. Furthermore, a software module 330 may be another discrete entitythat is part of the network entity 300, and which contains softwareinstructions that may be executed by the processor 320. In addition tothe above noted components of the network entity 300, the network entity300 may also have a transmitter and receiver pair configured to receiveand transmit communication signals (not shown).

One example method of processing a user initiated request forinformation may include examining a web browser's response datagenerated in response to a user initiated request including a uniformresource locator (URL) submitted by the user to the web browserapplication. In response, it may be determined by examination from thebrowser response data that the URL is an invalid URL that cannot beresolved to a corresponding webpage. In response, subsequent attempt totransmit the user initiated request as a browser modified search requestthat includes modifications to the user initiated request may beblocked.

Some browsers operate by receiving the “NXDOMAIN” message and taking noaction at all. Other browsers, such as IE and Chrome, respond whenreceiving a NXDOMAIN data parameter because the domain could not beresolved in the DNS. Generally, the additional operations performed bythe browser are performed since the input information appeared to be aproperly formatted web domain or URL. For example, by continuing tosubmit the unresolved (NXDOMAIN) URL to the search engine, the exampleembodiments of the present application will be readily invoked.

One example embodiment of the present invention may include a method ofprocessing a user initiated request for information. The method mayinclude receiving a user initiated request including a uniform resourcelocator (URL) submitted to a web browser application, at operation 402.The method may also include receiving a response that the URL is aninvalid URL that cannot be resolved to a corresponding webpage, atoperation 404 and blocking a subsequent attempt to transmit the userinitiated request as a browser modified search request that includesmodifications to the user initiated request, at operation 406.

While preferred embodiments of the present invention have beendescribed, it is to be understood that the embodiments described areillustrative only and the scope of the invention is to be defined solelyby the appended claims when considered with a full range of equivalentsand modifications (e.g., protocols, hardware devices, software platformsetc.) thereto.

What is claimed is:
 1. A method of processing a user initiated requestfor information, the method comprising: receiving a user initiatedrequest including a uniform resource locator (URL) submitted to a webbrowser application; receiving a response that the URL is an invalid URLthat cannot be resolved to a corresponding webpage; filtering the userinitiated request to identify whether hypertext transfer protocol (HTTP)request information exists and includes a REFERER message; and and ifthe REFERER message is not present in the HTTP request, then blocking asubsequent attempt to transmit the user initiated request as a browsermodified search request that includes modifications to the userinitiated request to avoid a redirect of the user initiated request. 2.The method of claim 1, wherein the user initiated request is received asuser input to an address bar portion of the web browser application. 3.The method of claim 1, wherein receiving a response that the URL is aninvalid URL that cannot be resolved to a corresponding webpage comprisesreceiving a NXDOMAIN HTTP parameter.
 4. The method of claim 1, whereinthe browser modified search request comprises at least part ofinformation associated with the user initiated request and does notinclude the REFERER HTTP parameter.
 5. The method of claim 1, whereinthe user initiated request is received as user input to a search boxportion of a search-enabled web page.
 6. The apparatus of claim 1,wherein the user initiated request is received as user input to a searchbox portion of a search-enabled web page.
 7. An apparatus configured toprocess a user initiated request for information, the apparatuscomprising: a receiver configured to receive a user initiated requestincluding a uniform resource locator (URL) submitted to a web browserapplication and receive a response that the URL is an invalid URL thatcannot be resolved to a corresponding webpage; and a processorconfigured to filter the user initiated request to identify whetherhypertext transfer protocol (HTTP) request information exists andincludes a REFERER message, and if the REFERER message is not present inthe HTTP request, then block a subsequent attempt to transmit the userinitiated request as a browser modified search request that includesmodifications to the user initiated request to avoid a redirect of theuser initiated request.
 8. The apparatus of claim 7, wherein the userinitiated request is received as user input to an address bar portion ofthe web browser application.
 9. The apparatus of claim 7, wherein thereceived message that the URL is an invalid URL that cannot be resolvedto a corresponding webpage comprises a NXDOMAIN HTTP parameter.
 10. Theapparatus of claim 7, wherein the browser modified search requestcomprises at least part of information associated with the userinitiated request and does not include the REFERER HTTP parameter.
 11. Anon-transitory computer readable storage medium comprising instructionsthat when executed causes a processor to process a user initiatedrequest for information, the processor being further configured toperform: receiving a user initiated request including a uniform resourcelocator (URL) submitted to a web browser application; receiving aresponse that the URL is an invalid URL that cannot be resolved to acorresponding webpage; filtering the user initiated request to identifywhether hypertext transfer protocol (HTTP) request information existsand includes a REFERER message; and and if the REFERER message is notpresent in the HTTP request, then blocking a subsequent attempt totransmit the user initiated request as a browser modified search requestthat includes modifications to the user initiated request to avoid aredirect of the user initiated request.
 12. The non-transitory computerreadable storage medium of claim 11, wherein the user initiated requestis received as user input to an address bar portion of the web browserapplication.
 13. The non-transitory computer readable storage medium ofclaim 11, wherein receiving a response that the URL is an invalid URLthat cannot be resolved to a corresponding webpage comprises receiving aNXDOMAIN HTTP parameter.
 14. The non-transitory computer readablestorage medium of claim 11, wherein the browser modified search requestcomprises at least part of information associated with the userinitiated request and does not include the REFERER HTTP parameter.